Magento Open Source, 1.9.x

Magento 1.x Security Patch Notice
For Magento Open Source 1.5 to 1.9, Magento is providing software security patches through June 2020 to ensure those sites remain secure and compliant. Visit our information page for more details about our software maintenance policy and other considerations for your business.

Email Template Configuration

Security Notice! We recommend that all merchants immediately set their mail sending configuration to protect against a recently identified potential remote code execution exploit. Until this issue is resolved, we highly recommend that you avoid using Sendmail for email communications.  In the Mail Sending Settings, make sure that Set Return Path is set to "No." To learn more, see the Magento Security Center posting.

The configuration for transactional email templates is designed to support multiple devices. The email logo that is uploaded is designed to render well on high-resolution displays. The configuration specifies the header and footer templates that are used for all transactional email messages sent within the scope of the configuration. To support the requirements of many email clients, a variable has been added that is used to convert external CSS styles to inline styles. The name of the external CSS file that it references is specified in the configuration.